Chinese keyboard flaws, hacked news story, TikTok on the clock
Chinese keyboard app flaws exposed
Last year, researchers at Citizen Lab found that the popular Sogou Chinese keyboard app failed to use TLS when sending keystroke data to the cloud for typing predictions. This opens the door to potential spying on typed content. In a follow-up, the researchers discovered that virtually all Chinese keyboard mobile apps had the same flaw. The researchers found a lack of TLS in apps from Baidu, Tencent, and iFlytek, as well as ones preinstalled on Android devices sold in China. The only app tested without the flaw was one preinstalled on a Huawei device. The researchers say the ease of exploiting this flaw likely means it's been exploited at scale in the wild. The researchers contacted the app developers, with the majority fixing the issue before publication, although it's unclear if preinstalled Android apps would receive an update.
Threat actors plant fake assassination story
The Czech News Agency, CTK, reports that an unidentified threat actor accessed its website to publish a fake story. The story claimed that Slovakia’s Security Information Service prevented an assassination attempt against newly elected Slovak president Peter Pellegrini by Ukrainian nationals. The faked story was published in English and Czech but did not get distribution to CTK’s clients. Researchers at Mandiant previously tied similar spoofed news stories to the Belarusian-affiliated threat group Ghostwriter, but there is no indication so far of their involvement here.
ByteDance on the clock to divest TikTok
Yesterday President Biden signed a foreign-aid package into law that included a provision that could potentially ban TikTok in the US. The law gives ByteDance 270 days to sell off TikTok, with an optional 90-day extension at the President’s discretion. ByteDance plans to file to block the law on First Amendment grounds. Bloomberg’s sources say ByteDance sees a TikTok sale as a last resort and expects legal action to at least delay enforcement of any ban. The potential ban would go into effect on January 19th, the day before the next presidential inauguration.
US sanctions Iranians linked to cyberattacks
The Treasury Department’s Office of Foreign Assets Control, or OFAC, issued sanctions against four Iranian nationals. The sanctions allege these individuals participated in cyberattacks against the US government and defense contractors, using spear phishing and social engineering. OFAC also issued sanctions against two front companies used by the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command. The sanctions freeze all US-based assets. The US State Department also offered a reward of up to $10 million for additional information on any of these sanctioned individuals or organizations.
Huge thanks to our sponsor, Veracode
A post-attack update from Change Healthcare
After suffering two devastating ransomware attacks in the last three months, Change Healthcare reports that 99% of pre-incident pharmacies can now process claims and that payment processing is at 86% of pre-incident capacity. An investigation of the attack remains ongoing. The company doesn’t expect to have sufficient data to notify all impacted customers for several more months. The company saw significant data exfiltration in the attacks, but reports its investigation didn’t turn up any medical histories in impacted data so far.
Ransomware dries out Sweden
The Swedish government-owned retailer Systembolaget holds a monopoly on the sale of alcoholic beverages. One of its critical distributors, Skanlog, reported it suffered a ransomware attack from a group based in North Korea. The company has not announced when it expects to resume normal operations. As a result, Systembolaget warned Swedes that many beers, wines, and spirits could sell out in the country in a matter of days. This wouldn’t impact all beverages, but certain brands would likely be unavailable until the distributor resolves the attack.
Google Meet adds client-side encryption for non-Google users
The video messaging platform already offered client-side encryption between Google Workspace accounts, but previously did not provide a secure option for external users. Google says that all data at rest and in transit is now encrypted between calls, giving users direct control of encryption keys and identity services. Workspace admins have to update their configuration settings to open up client-side encryption for external users and can specify which third-party identity partners they will allow.
Windows 11 Start menu ads rolling out
Earlier this month Microsoft began testing these ads with select Windows Insider builds, but will now roll them out globally. These come in the form of app “recommendations” for apps in the Microsoft Store. Microsoft says only a limited set of curated developers can buy ads initially. Users can toggle off these ads in their Personalization settings for now. This isn’t Microsoft’s first attempt at this; it tested ads in Windows 11’s File Explorer last year.